CNNVD-202511-2860 Information
CNNVD ID
CNNVD-202511-2860
Related CVE
- CNNVD Published: 2025-11-26
Description (Chinese)
Zenitel TCIV-3+是挪威Zenitel公司的一个IP对讲终端。 Zenitel TCIV-3+ 9.3.3.0之前版本存在操作系统命令注入漏洞,该漏洞源于输入验证不完整,可能导致未经验证的攻击者注入任意命令。
Description (English)
Zenitel TCIV-3+ is an IP chat terminal for Zenitel, Norway. Zenitel TCIV-3+9.3.0 had a gap in the operating system commands, which stemmed from incomplete input certification, which could lead to the injection of arbitrary orders by unverified attackers.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
Zenitel
Published
2025-11-26
Last Modified
2026-02-24
References
https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29 https://www.cisa.gov/news-events/ics-advisories/icsa-25-329-03 https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-329-03.json https://access.redhat.com/security/cve/cve-2025-64128
Patch
https://wiki.zenitel.com/wiki/Downloads#Station_and_Device_Firmware_Package_.28VS-IS.29
Share on: